Wordpress 等でのPHPのマルウェア・ウィルス・改ざんコードをデコードして難読化をオンラインで解除し、
元の読みやすいコードに戻し解読できます。
<?php namespace Mgt\Varnish\Model; class License { const MODULE_NAME = "\x4d\147\164\137\126\141\162\x6e\x69\x73\150"; protected $dirReader; protected $domains = []; public function __construct() { $objectManager = $this->getObjectManager(); $this->dirReader = $objectManager->get("\134\x4d\141\147\x65\156\164\x6f\x5c\x46\x72\x61\x6d\145\x77\x6f\x72\x6b\134\115\x6f\x64\165\x6c\145\134\x44\151\162\x5c\x52\x65\x61\144\x65\x72"); } public function hasLicense($currentHost) { goto e4522; Ec5de: $expireDate = new \Zend_Date(); goto d684c; A0c55: $isHostValid = $this->_isHostValid($currentHost, $license["\144\x6f\155\x61\x69\156\x73"]); goto e8b67; e8b67: if (!(is_array($license) && $license["\x6d\x6f\x64\x75\154\x65"] == self::MODULE_NAME && $isHostValid && (!$license["\145\x78\160\x69\x72\145\104\141\x74\145"] || $license["\145\170\160\151\162\x65\104\141\164\x65"] && $expireDate->isLater(Zend_Date::now())))) { goto f766f; } goto Fdb76; c7af6: $today = new \DateTime(); goto Cf94f; A0fd2: eval(gzinflate(base64_decode(file_get_contents($licenseFile)))); goto b0a00; d684c: $expireDate->setTimestamp($license["\145\x78\x70\151\x72\x65\x44\x61\x74\145"]); goto a75b9; a76bf: return $hasLicense; goto E93ac; Fdb76: $hasLicense = true; goto b18c7; e4522: $hasLicense = false; goto dda45; Cf94f: if (!(isset($license["\x65\170\x70\151\x72\x65\x44\x61\164\x65"]) && $license["\x65\170\160\151\x72\x65\104\141\164\145"])) { goto Ca531; } goto Ec5de; a75b9: Ca531: goto A0c55; deb25: if (!(true === file_exists($licenseFile))) { goto E9d99; } goto A0fd2; b0a00: $currentHost = str_replace("\x77\167\x77\x2e", '', $currentHost); goto c7af6; Aa1ed: E9d99: goto a76bf; dda45: $licenseFile = $this->dirReader->getModuleDir('', self::MODULE_NAME) . "\57\x6c\x69\x63\145\x6e\x73\145\56\x6d\147\164"; goto deb25; b18c7: f766f: goto Aa1ed; E93ac: } protected function _isHostValid($currentHost, array $domains) { goto F0fc6; Edd99: foreach ($domains as $domain) { goto e9c49; Ac936: De926: goto dae8b; e9c49: if (!strstr($currentHost, $domain)) { goto De926; } goto e927b; e927b: $isHostValid = true; goto c8d86; dae8b: Ae1af: goto B93c5; c8d86: goto A2f48; goto Ac936; B93c5: } goto D2302; F0fc6: $isHostValid = false; goto Edd99; D43d6: return $isHostValid; goto Fbe6b; D2302: A2f48: goto D43d6; Fbe6b: } public function getDomains() { goto Ab33d; B4d97: fc4c2: goto a190a; F5ea4: if (!(isset($license["\144\x6f\155\x61\151\156\x73"]) && $license["\144\157\155\141\151\x6e\x73"])) { goto A4d8b; } goto a798b; Dc134: $licenseFile = $this->dirReader->getModuleDir('', self::MODULE_NAME) . "\57\x6c\x69\143\x65\x6e\163\145\56\x6d\147\164"; goto d8e41; a190a: return $domains; goto f512b; d07f7: eval(gzinflate(base64_decode(file_get_contents($licenseFile)))); goto F5ea4; Ab33d: $domains = []; goto Dc134; d8e41: if (!(true === file_exists($licenseFile))) { goto fc4c2; } goto d07f7; a798b: $domains = $license["\x64\157\x6d\141\x69\x6e\163"]; goto ff79f; ff79f: A4d8b: goto B4d97; f512b: } protected function getObjectManager() { $objectManager = \Magento\Framework\App\ObjectManager::getInstance(); return $objectManager; } }
<?php namespace Mgt\Varnish\Model; class License { const MODULE_NAME = "Mgt_Varnish"; protected $dirReader; protected $domains = array(); public function __construct() { $objectManager = $this->getObjectManager(); $this->dirReader = $objectManager->get("\\Magento\\Framework\\Module\\Dir\\Reader"); } public function hasLicense($currentHost) { $hasLicense = false; $licenseFile = $this->dirReader->getModuleDir('', self::MODULE_NAME) . "/license.mgt"; if (!(true === file_exists($licenseFile))) { goto E9d99; } eval(gzinflate(base64_decode(file_get_contents($licenseFile)))); $currentHost = str_replace("www.", '', $currentHost); $today = new \DateTime(); if (!(isset($license["expireDate"]) && $license["expireDate"])) { goto Ca531; } $expireDate = new \Zend_Date(); $expireDate->setTimestamp($license["expireDate"]); Ca531: $isHostValid = $this->_isHostValid($currentHost, $license["domains"]); if (!(is_array($license) && $license["module"] == self::MODULE_NAME && $isHostValid && (!$license["expireDate"] || $license["expireDate"] && $expireDate->isLater(Zend_Date::now())))) { goto f766f; } $hasLicense = true; f766f: E9d99: return $hasLicense; } protected function _isHostValid($currentHost, array $domains) { $isHostValid = false; foreach ($domains as $domain) { if (!strstr($currentHost, $domain)) { } $isHostValid = true; goto A2f48; } A2f48: return $isHostValid; } public function getDomains() { $domains = []; $licenseFile = $this->dirReader->getModuleDir('', self::MODULE_NAME) . "/license.mgt"; if (!(true === file_exists($licenseFile))) { goto fc4c2; } eval(gzinflate(base64_decode(file_get_contents($licenseFile)))); if (!(isset($license["domains"]) && $license["domains"])) { goto A4d8b; } $domains = $license["domains"]; A4d8b: fc4c2: return $domains; } protected function getObjectManager() { $objectManager = \Magento\Framework\App\ObjectManager::getInstance(); return $objectManager; } }
■【無料】ワードプレス:マルウェアスキャン&セキュリティープラグイン [マルウェア・ウィルス検出と駆除]
■WordPress のマルウェア駆除、セキュリティー対策 カスタマイズや修正、引っ越し・復旧のご依頼承ります
(C)2019 ワードプレス ドクター All rights reserved.